cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Gentry <mgen...@masslight.net>
Subject Re: Encrypted Fields
Date Sun, 08 Feb 2009 03:55:07 GMT
On Sat, Feb 7, 2009 at 4:46 PM, Aristedes Maniatis <ari@ish.com.au> wrote:
> Except that credit cards are not a good example here. Speak to your gateway
> provider, but here in Australia they all let you run transactions against
> the same credit card *without storing the card number/expiry date/cvv*.
> Instead you store the previous transaction reference and you can use that to
> process future card payments between that card and the same merchant.
> Infinitely safer than storing card numbers.

So ... you'd want to encrypt the transaction reference and the gateway
provider would want to encrypt the card number/etc.  :-)  I basically
see encryption as being desirable anytime personally
identifiable/critical financial information needs to be stored (bank,
stock trading, commerce, etc) or personally identifiable health
information (doctor's offices, hospitals, testing labs, etc).  I'm
sure there are others, but those are the big ones (to me).

> Americans certainly are strange with their SSNs. You give them out at the
> drop of a hat to buy popcorn, and then still use them as a 'secure' form of
> identification.
>
> Ari

The SSN is almost a joke.  When I first moved to Virginia, the
Department of Motor Vehicles put your SSN on your driver's license (as
your driver's license number).  I was stunned.  I was even more
stunned to find out they had a web site where you could go look up
someone's DL # (their SSN).  Very dumb.  They've fixed that now.
Somewhat.  (You could also get your Virginia driver's license without
proving you were a resident of the state -- which is what I did, too.)

Anyway, I know the white paper needs more work.  It was something I
hacked together right about the time I left Fannie Mae (good timing).
I wanted to get enough details down that I could remember what I was
thinking at the time, but there are some inherent assumptions that I
should flesh out sometime if it is useful to others.  (Since it may
not be obvious what I was thinking.)

Mime
View raw message